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DETAILED ACTION 

The instant application having Application No. 10/540,219 is presented for 
examination by the examiner. Claims 1-9, 11-21, 23-30, 32, 33, and 35-40 are pending. 
Claims 1,17, and 26 have been amended. 

Response to Amendment 

Claim Objections 

Claim 17 is objected to because of the following informalities: 
The number 25 appears in the newly amended limitation. 

Response to Arguments 

Applicant's arguments filed 8/17/09 have been fully considered but they are not 
persuasive. Applicant has argued that the newly added limitation to the independent 
claims distinguishes the claimed invention from the Naccache reference. Examiner 
respectfully disagrees. The following interpretation of the prior art is solely based on the 
current set of claims and arguments submitted by the Applicant. It is not the only 
possible interpretation of the prior art and may be altered when/if the claims and/or 
arguments change. 

Naccache teaches in column 9, starting at line 26 a first monitoring instruction 
which corresponds to the claims' "one instruction for initializing the calculation of the 
second signature". This first monitoring instruction initializes the second signature to 
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zero (see figure 2, Inst. 0 = V -> 0). In column 9, starting at line 51 , Naccache teaches 
a second monitoring instruction which has two parts, a reference value and a command. 
The command instructs the comparison to be made between the two hash values. This 
second monitoring instruction corresponds to the claims' "one instruction for controlling 
the calculation of the second signature " because it finalizes the hashing function over a 
set of instruction and executes the comparison command. The fact that the second 
monitoring instruction terminates the hashing initialized by the first monitoring instruction 
reads on the controlling aspect of the claim. Therefore, Examiner must maintain the 
previous 102 rejection with respect to Naccache. 



Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1 ) an application for patent, published under section 1 22(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 



Claims 1-4, 8, 9, 11-21, 23-28, 32, 33, and 35-40 are rejected under 35 U.S.C. 
102(e) as being anticipated by USP 7,168,065 to Naccache et al, hereinafter Naccache. 
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As per claim 1 , Naccache teaches a method of making secure the execution of a 
computer program (EXE) including a set of at least one instruction, which method is 
characterized in that it includes: 

- a first step (E30), prior to the execution of the computer program, of calculating and 
storing a first signature (SIG1 ) representative of the intended execution of the set of 
instructions (col. 4, lines 25-29), 

- a second step (E50), during the execution of the set of instructions, of calculating and 
storing a second signature (SIG2) representative of the execution of the set of 
instructions (col. 4, lines 35-36), and 

- a step (E60) of detecting an anomaly in the execution of the set of instructions on the 
basis of the first signature (SIG1 ) and the second signature (SIG2) (col. 4, lines 38-39), 
wherein said set of instructions comprising at least one instruction for initializing the 
calculation of the second signature (col. 9, lines 25-30) and at least one instruction for 
controlling the calculation of the second signature (col. 9, lines 51-55). 

As per claim 26, Naccache teaches a device for making secure the execution of 
a computer program including a set of instructions comprising at least one instruction, 
which device is characterized in that it includes (see abstract): 

- a first register (REG1) (col. 4, line 8) for storing a first signature (SIG1) representative 
of the intended execution of the set of instructions (col. 4, lines 25-29), 

- means (22) for calculating and storing in a second storage register (REG2) (col. 6, line 
18) during the execution of the set of instructions a second signature (SIG2) 
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representative of the execution of the set of instructions (col. 4, lines 35-36), and 

- means (24) for detecting an anomaly in the execution of the set of instructions on the 
basis of the first signature (SIG1) and the second signature (SIG2) (col. 4, lines 35-36), 
wherein said set of instructions comprising at least one instruction for initializing the 
calculation of the second signature (col. 9, lines 25-30) and at least one instruction for 
controlling the calculation of the second signature (col. 9, lines 51-55). 

As per claim 2, Naccache teaches that the first calculation and storage step 
(E30) is executed during the generation [preparation] of the instructions (Al, AI3) of the 
computer program (col. 4, line 25). 

As per claims 3 and 27, Naccache teaches that the second signature (SIG2) 
stored during the second calculation and storage step (E50) is retained in memory 
during the execution of at least one second instruction following the set of instructions 
(col. 5, lines 4-6 and 64-68). Naccache teaches using one the preceding values in 
memory to calculate the next value, so therefore it must remain in memory. 

As per claims 4 and 28, Naccache teaches the first signature (SIG1) is obtained 
from the number of instructions in the set of instructions [accounts for each number of 
the instructions] (col. 9, lines 23-27), 

- the second signature (SIG2) is obtained from the number of instructions from the set of 
instructions that have been executed [numerical value of executed instructions](col. 9, 
lines 31-35), and in that 

the detection step (E60) detects an execution anomaly when the first signature (SIG1) 
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and the second signature (SIG2) are different after the execution of the set of 
instructions [compare VHn to Vref] (col. 9, lines 60-64). 

As per claims 8 and 32, Naccache teaches the first signature (SIG1) is obtained 
from the code of a critical instruction of the set of instructions (col. 4, lines 25-29), 

- the second signature is obtained from the code of the critical instruction, that code 
being stored at the same time as or after the execution of the critical instruction Gump] 
(col. 14, lines 32-35), and in that 

- the detection step (E60) detects an execution anomaly when the first signature (SIG1) 
and the second signature (SIG2) are different after the execution of the set of 
instructions (col. 10, lines 14-19). 

As per claims 9 and 33, Naccache teaches the first signature (SIG1 ) is obtained 
from the address of a critical instruction (col. 5, line 51 ) of the set of instructions, the 
address being obtained during or after the generation of the executable code of the set 
of instructions (col. 4, lines 25-29), 

- the second signature (SIG2) is obtained from the address of the critical instruction, that 
address being stored (E30) at the same time as or after the execution (E30) of the 
critical instruction (col. 14, lines 32-38), and 

- the detection step (E60) detects an execution anomaly when the first signature (SIG1) 
and the second signature (SIG2) are different after the execution of the set of 
instructions (col. 10, lines 14-19). 

As per claims 1 1 and 35, Naccache teaches the first signature (SIG1) and the 
second signature (SIG2) are error detector codes (CRC1 , CRC2) calculated from the 
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code or from an address of an instruction of the set of instructions (col. 5, lines 53-58), 
and in that the detection step (E60) detects an execution anomaly when the first 
signature (SIG1) and the second signature (SIG2) are different after the execution of the 
set of instructions (col. 10, lines 14-19). 

As per claims 12 and 36, Naccache teaches that the error detector codes are 
cyclic redundancy check codes (col. 5, lines 53-58). 

As per claims 13 and 37, Naccache teaches that the error detector codes are 
obtained by the logical combination (XOR) of the code or an address of at least one 
instruction of the set of instructions (col. 5, lines 53-58). Naccache teaches the use of 
CRC which perform logical combination (XOR included) in order to carry out the 
operation. Examiner is not giving XOR patentable weight here as the syntax implies 
XOR as an example of logical combination. 

As per claims 14 and 38, Naccache teaches the first signature (SIG1) and the 
second signature (SIG2) are respectively obtained during the generation and the 
execution of the instructions from at least two elements chosen from: 
the number of instructions in the set of instructions, 

the code of at least one instruction of the set of instructions (col. 5, lines 45-51 ), 
the address of at least one instruction of the set of instructions (col. 5, lines 45-51 ), and 
an error detector code calculated from the code or an address of at least one critical 
instruction of the set of instructions, the address being obtained during or after the 
generation of the executable code of the set of instructions (col. 5, lines 53-59), and in 
that the detection step (E60) detects an execution anomaly when the first signature 



Application/Control Number: 10/540,219 Page 8 

Art Unit: 2431 

(SIG1 ) and the second signature (SIG2) are different after the execution of the set of 
instructions (col. 10, lines 14-19). Naccache teaches using the code and address as 
hash inputs thus two criteria from the list are chosen. 

As per claims 15 and 39, Naccache teaches that it includes a step (E70) of 
destroying at least a portion of the system on which the computer program is executed, 
this step of destroying being made when an execution anomaly is detected in the 
detection step (col. 4, line 45). 

As per claim 16, Naccache teaches in that the first signature (SIG1) is generated 
automatically [already generated before execution of program] (col. 4, line 25-30). 

As per claim 17, Naccache teaches a device for processing a computer program 
including a set of at least one instruction, characterized in that it includes means (12) for 
calculating and storing a first signature (SIG1), the first signature (SIG1) stored in a 
memory and the first signature is representative of the intended execution of the set of 
instructions prior to the execution thereof (col. 4, lines 25-30), said set of instructions 
comprising at least one instruction for initializing the calculation of the second signature 
(col. 9, lines 25-30) and at least one instruction for controlling the calculation of the 
second signature (col. 9, lines 51-55). 

As per claim 18, Naccache teaches the first signature (SIG1) [Vref] are adapted 
to calculate and store information obtained from the number of instructions of the set of 
instructions (col. 9, line 65 - col. 10, line 5). 



Application/Control Number: 10/540,219 Page 9 

Art Unit: 2431 

As per claim 19, Naccache teaches the means (12) for calculating and storing 
the first signature (SIG1) are adapted to obtain and store information obtained from the 
code of a critical instruction [jump] of the set of instructions (col. 14, lines 33-35). 

As per claim 20, Naccache teaches means for generating executable code from 
the computer program (col. 8, lines 35-36). 

As per claim 21 , Naccache teaches the means for calculating and storing the first 
signature (SIG1) are adapted to obtain and store information obtained from the address 
of a critical instruction (col. 5, line 51 ), the information being obtained of the set of 
instructions by the means (14) for generating executable code (col. 8, lines 35-40). 

As per claim 23, Naccache teaches that the means (12) for calculating and 
storing the first signature (SIG1 ) are adapted to calculate and store information obtained 
from an error detector code (CRC1 ) calculated from the code or an address of at least 
one instruction of the set of instructions (col. 5, lines 53-58). 

As per claim 24, Naccache teaches that the error detector code (CRCI) is a cyclic 
redundancy check code (col. 5, line 57). 

As per claim 25, Naccache teaches that the error detector code is obtained by a 
logical combination (XOR) of the code or an address of at least one instruction of the 
set of instructions (col. 5, lines 53-58). Naccache teaches the use of CRC which 
perform logical combination (XOR included) in order to carry out the operation. 
Examiner is not giving XOR patentable weight here as the syntax implies XOR as an 
example of logical combination. 
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As per claim 40, Naccache teaches a microcircuit card [smart card] characterized 
in that it includes a securing device according to claim 26 (col. 6, lines 27-35). 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as 
set forth in section 1 02 of this title, if the differences between the subject matter sought to be 
patented and the prior art are such that the subject matter as a whole would have been obvious 
at the time the invention was made to a person having ordinary skill in the art to which said 
subject matter pertains. Patentability shall not be negatived by the manner in which the invention 
was made. 

Claims 5-7, 29, and 30 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Naccache. 

As per claims 5 and 29, Naccache teaches the first signature (SIG1) is obtained 
from the number of instructions in the set of instructions [accounts for each number of 
the instructions] (col. 9, lines 23-27). The calculation performed in these claims is an 
obvious mathematical variation to those taught by Naccache and in claim 4. Claim 4 
calculates a running hash value by each of executed instructions and ultimately 
compares the final result to the reference hash value. This ensures that each 
instruction is proper and that the instructions in the set are executed in the correct order. 
One of ordinary skill in the art could have simply run the hash on the unexecuted 
instructions and subtracted that value to the reference hash to achieve the same 
desired result. This provides the same assurance that each proper instruction was 
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executed in the correct order. Once all of the instructions are executed, the value 
should be zero if they all matched the reference hash value. This is simply an 
operational design choice. The claim would have obvious because one of ordinary skill 
in the art can substitute equivalent known methods which yield predictable results. 

As per claims 6 and 30, Naccache teaches that an interrupt of the computer 
program is triggered when the value of the second signature (SIG2) is below a 
predetermined threshold (col. 4, lines 40-47). 

As per claims 7, Naccache teaches that the first signature (SIG1) and the second 
signature (SIG2) are retained in memory (col. 1 , line 47) during the execution of the 
program in the same register (REG1) (col. 9, lines 13-17). 

Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See M PEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
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extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to MICHAEL R. VAUGHAN whose telephone number is 
(571)270-7316. The examiner can normally be reached on Monday - Thursday, 7:30am 
- 5:00pm, EST. If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, William Korzuch can be reached on 571-272-7589. The fax 
phone number for the organization where this application or proceeding is assigned is 
571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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